<?php
    session_start();
    
    include_once'fun.php';
    $con = connect();
    if ((isset($_POST['user'])) ||(isset($_POST['password']))||(isset($_POST['code'])))
    {  $user =$_POST['user'];
    $passwd = md5($_POST['password']);
    $code=strtolower(str_replace(" ",'',$_POST['code']));
     $sql="select * from user where id='$user' AND password='$passwd'";
     $res=query($sql,$con);
     
    if($res->num_rows!=0&&$code==$_SESSION['code'])
        {
            
            $row = mysqli_fetch_assoc($res);
            $_SESSION['username']=$row['username'];
            $_SESSION['userid']=$row['id'];
            $_SESSION['isadmin']=$row['isadmin'];
            echo "<script>location='shop.php'</script>";
            exit;
        }
    
    else if($user==''){
        alertMes('请输入用户名','login.php');
    }
    else if($code!=$_SESSION['code'])
    {
        alertMes('验证码错误','login.php');
    }
    else{
    alertMes('用户名或密码错误','login.php');
    }
    
    }
    include_once 'html/login.html';
